Commit ed88bdcfbd for qemu.org

commit ed88bdcfbdcf9d411607cd690f93f915feff6a5b
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Fri Dec 12 18:06:45 2025 +0100

    target/i386/tcg: allow VEX in 16-bit protected mode

    VEX is only forbidden in real and vm86 mode; 16-bit protected mode supports
    it for some unfathomable reason.

    Cc: qemu-stable@nongnu.org
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index f662364c60..09e3d8884c 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -2872,20 +2872,16 @@ static void disas_insn(DisasContext *s, CPUState *cpu)
     case 0xc5: /* 2-byte VEX */
     case 0xc4: /* 3-byte VEX */
         /*
-         * VEX prefixes cannot be used except in 32-bit mode.
-         * Otherwise the instruction is LES or LDS.
+         * Bits 6-7 of the first byte must be set except in 64-bit mode.
+         * Otherwise the instruction is LES or LDS.  Not allowed in real mode.
          */
-        if (CODE32(s) && !VM86(s)) {
+        if (PE(s) && !VM86(s)) {
             static const int pp_prefix[4] = {
                 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
             };
             int vex3, vex2 = x86_ldub_code(env, s);

             if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
-                /*
-                 * 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
-                 * otherwise the instruction is LES or LDS.
-                 */
                 s->pc--; /* rewind the advance_pc() x86_ldub_code() did */
                 break;
             }
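Review bot: The rewritten comment above `if (PE(s) && !VM86(s))` is less precise than the condition it documents: "first byte" can be read as the 0xc4/0xc5 opcode itself, while the test is on `vex2`, the byte fetched after it, and "Not allowed in real mode" leaves out vm86, which both `!VM86(s)` and the commit message exclude. I would word it as `* VEX is decoded only in protected mode outside vm86.  Except in 64-bit mode,` followed by `* bits 7:6 of the byte after C4/C5 must be 11b; otherwise this is LES or LDS.` Because the inner check `!CODE64(s) && (vex2 & 0xc0) != 0xc0` now also governs code running from a 16-bit protected-mode segment, a decoder test that feeds both the 11b form (VEX) and a memory-form LES/LDS in that mode would guard the `s->pc--` fallback path against regressions. disas_insn and the VEX branch continue outside this hunk, so the rest of the prefix handling is not reviewed here.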